[c-nsp] asr1001x nat logging

Nick Cutting ncutting at edgetg.co.uk
Thu Dec 10 03:29:23 EST 2015


Sorry that should read:

Show flow monitor exporter statistics

-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Nick Cutting
Sent: 10 December 2015 08:17
To: dmitry at zhigulinet.ru; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] asr1001x nat logging

You need to use the show commands to see if the ASR thinks the traffic is leaving:

What is the output of show flow exporter?

I always find it's something like "SE linux" on the collector, and this stops you from seeing it in tcpdump.

-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of dmitry at zhigulinet.ru
Sent: 10 December 2015 08:06
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] asr1001x nat logging

Hello, Cisco-nsp..

On my cisco asr1001x not work nat logging.
What could be the problem?
Netflow v5 work.
I do not see traffic on collector with tcpdump.
I tryning soft:
System image file is "bootflash:/asr1001x-universalk9.03.12.01.S.154-2.S1-std.SPA.bin"
System image file is "bootflash:/asr1001x-universalk9.03.15.00.S.155-2.S-std.SPA.bin"


interface TenGigabitEthernet0/0/0
 description Downlink-to-X670
 ip address 10.254.253.18 255.255.255.252  no ip redirects  no ip unreachables  ip nat inside  ip flow monitor flow_v5 input  ip flow monitor flow_v5 output  service-policy type control CTRL-IPOE  ip subscriber routed
  initiator unclassified ip-address
end

ip nat settings mode cgn
no ip nat settings support mapping outside ip nat settings pap limit 60 ip nat log translations flow-export v9 udp destination 10.0.0.122 9995 source TenGigabitEthernet0/0/0 ip nat log translations flow-export v9 vrf 0 on ip nat translation timeout 300 ip nat translation tcp-timeout 1800 ip nat translation pptp-timeout 1800 ip nat translation udp-timeout 60 ip nat translation finrst-timeout 10 ip nat translation syn-timeout 10 ip nat translation dns-timeout 10 ip nat translation icmp-timeout 10 ip nat translation port-timeout tcp 80 360 ip nat translation port-timeout tcp 8080 360 ip nat translation port-timeout tcp 1600 180 ip nat translation port-timeout tcp 110 180 ip nat translation port-timeout tcp 25 180 ip nat translation max-entries all-host 2000 ip nat pool NAT_POOL_18.19.142 18.19.142.0 18.19.142.254 netmask 255.255.255.0 ip nat inside source list ACL_NAT_18.19.142 pool NAT_POOL_18.19.142 overload



flow exporter carbon4_v5
 destination 172.1.1.2
 transport udp 9996
 export-protocol netflow-v5
!
!         
flow monitor flow_v5
 exporter carbon4_v5
 cache timeout inactive 10
 cache timeout active 1000
 record netflow-original


--
С уважением,
 Dmitry                          mailto:dmitry at zhigulinet.ru

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list